[Git][security-tracker-team/security-tracker][master] Update some ofono related CVEs

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d171a3e1 by Salvatore Bonaccorso at 2025-01-06T07:17:26+01:00
Update some ofono related CVEs

Two CVEs from the #1078555 bugreport remain so far unfixed.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -39588,47 +39588,47 @@ CVE-2024-23657 (Nuxt is a free and open-source framework to create full-stack we
 CVE-2023-5000 (The Horizontal scrolling announcements plugin for WordPress is vulnera ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-7547 (oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vul ...)
-	- ofono <unfixed> (bug #1078555)
+	- ofono 2.14-1 (bug #1078555)
 	[bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
 	[bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1087/
 CVE-2024-7546 (oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulne ...)
-	- ofono <unfixed> (bug #1078555)
+	- ofono 2.14-1 (bug #1078555)
 	[bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
 	[bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1086/
 CVE-2024-7545 (oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulne ...)
-	- ofono <unfixed> (bug #1078555)
+	- ofono 2.14-1 (bug #1078555)
 	[bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
 	[bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1085/
 CVE-2024-7544 (oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulne ...)
-	- ofono <unfixed> (bug #1078555)
+	- ofono 2.14-1 (bug #1078555)
 	[bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
 	[bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1084/
 CVE-2024-7543 (oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulne ...)
-	- ofono <unfixed> (bug #1078555)
+	- ofono 2.14-1 (bug #1078555)
 	[bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
 	[bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1083/
 CVE-2024-7542 (oFono AT CMGR Command Uninitialized Variable Information Disclosure Vu ...)
-	- ofono <unfixed> (bug #1078555)
+	- ofono 2.14-1 (bug #1078555)
 	[bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
 	[bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1082/
 CVE-2024-7541 (oFono AT CMT Command Uninitialized Variable Information Disclosure Vul ...)
-	- ofono <unfixed> (bug #1078555)
+	- ofono 2.14-1 (bug #1078555)
 	[bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
 	[bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1081/
 CVE-2024-7540 (oFono AT CMGL Command Uninitialized Variable Information Disclosure Vu ...)
-	- ofono <unfixed> (bug #1078555)
+	- ofono 2.14-1 (bug #1078555)
 	[bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
 	[bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1080/
 CVE-2024-7539 (oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability. T ...)
-	- ofono <unfixed> (bug #1078555)
+	- ofono 2.14-1 (bug #1078555)
 	[bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
 	[bullseye] - ofono <postponed> (Revisit when/if fixed upstream)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1079/
@@ -72844,7 +72844,7 @@ CVE-2024-1426 (The Element Pack Elementor Addons (Header Footer, Free Template L
 CVE-2023-4509 (It is possible for an API key to be logged in clear text in the audit  ...)
 	NOT-FOR-US: Octopus Deploy
 CVE-2023-4235 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack  ...)
-	- ofono <unfixed> (bug #1070371)
+	- ofono 2.14-1 (bug #1070371)
 	[bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
 	[bullseye] - ofono <no-dsa> (Minor issue)
 	[buster] - ofono <postponed> (Minor issue, follow bullseye)
@@ -72864,7 +72864,7 @@ CVE-2023-4233 (A flaw was found in ofono, an Open Source Telephony on Linux. A s
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2255396
 	NOTE: https://git.kernel.org/pub/scm/network/ofono/ofono.git/commit/?id=1a5fbefa59465bec80425add562bdb1d36ec8e23 (2.3)
 CVE-2023-4232 (A flaw was found in ofono, an Open Source Telephony on Linux. A stack  ...)
-	- ofono <unfixed> (bug #1070371)
+	- ofono 2.14-1 (bug #1070371)
 	[bookworm] - ofono <postponed> (Revisit when/if fixed upstream)
 	[bullseye] - ofono <no-dsa> (Minor issue)
 	[buster] - ofono <postponed> (Minor issue, follow bullseye)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d171a3e1da87769b59021daca0b0534cfa1afa1d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d171a3e1da87769b59021daca0b0534cfa1afa1d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250106/f39092e1/attachment-0001.htm>